[ELECTRON] hosting WikiLeaks mirrors - don't try this at home

Ian Bitmap bitmap303 at googlemail.com
Wed Dec 8 15:01:41 UTC 2010 

Thanks Si, interesting stuff.

On 7 December 2010 18:00, Simon Yuill <simon at lipparosa.org> wrote:

> Hi,
>
> Got this rather topical email from my hosting provider today which casts
> some light on the practical-legal-political life of web servers. It's a
> bit long so if you just want the 'interesting' bits scroll down to the
> "Risks to your domain name" section near the bottom.
>
> best wishes
> Si
>
>
>
> *** START ***
>
> Hi,
>
> I've had a few people ask about hosting WikiLeaks mirrors at BitFolk
> and whether it is allowed.
>
> These are my thoughts on the subject at the moment. Depending on how
> things go they may have to change.
>
> - TLDR version
>
> This is very risky; we recommend you do not do it. Also if you did
> do it, UK is not a very good place to do it from. If you feel you
> must do it, please read the rest of this email.
>
> - Risk of DDoS
>
> Hosting contentious material such as a WikiLeaks mirror can (and
> has) drawn denial of service attacks. If you are the subject of a
> denial of service attack then our policy is described here:
>
> http://bitfolk.com/policy/netabuse.html
>
> Should such a mirror hosted at BitFolk become subject of a large
> denial of service we would need to ask our upstream to ask their
> upstreams to blackhole the IP address of the mirror. This would not
> be instant and the traffic received in the meantime would be
> chargeable. We would also require you not to put your mirror back up
> after the attack stops.
>
> This could result in a bill of thousands of pounds to you.
>
> - Risk of UK government intervention
>
> This is not legal advice, but it is my experience that should UK
> government find an interest in knowing who you are and/or stopping
> you from doing it then all they have to do is get a court order or
> section 22 notice under the Regulation of Investigatory Powers Act.
> As a UK company we are legally obliged to act on these and may not
> be able to tell you that one has been received.
>
> - Risk of libel action
>
> This is not legal advice, but it is well known that UK has an
> extremely harsh libel system that makes it very difficult to publish
> information about people that those people do not like. Should you
> publish something (say, in a WikiLeaks mirror) that says something
> about an individual or company that they do not appreciate being
> published, then they may decide to sue you.
>
> If that were to happen, we would ask you to remove the information.
> Even if you believe that the information is true, we would ask you
> to provide a large (tens of thousands of £) deposit to cover our
> possible legal costs should you decide you want to prove the truth
> of the statements in court.
>
> Does this mean that anyone with enough money can stop you
> publishing, via a cheap UK hosting account, things they don't like?
> Yes unfortunately it does, but that is how UK libel laws work, and
> there is no UK hosting company that will let you continue to publish
> such things once they have received a notice of action for libel,
> unless you indemnify them.
>
> - Risks to your domain name
>
> Top level domains in com/net/org are operated by Verisign, a US
> corporation. As such they are required to obey US law. As a
> consequence of the PATRIOT Act it is possible for the US government
> to hand Verisign a sealed, secret court order requiring them to
> suspend services. This has been done before for sites that are
> alleged to assist in the sale of counterfeit goods and illegal
> distribution of copyright material.
>
> The effect of the above happening would be that your domain name
> stops resolving and you can't work out why, and neither can your
> registrar.
>
> They may not even need to go that far as Verisign may choose to
> react on a mere *request* from their government, and if they don't
> then your registrar may decide to act upon a *request* also.
>
> - In summary
>
> Given all of the above, I believe that hosting a WikiLeaks mirror on
> a BitFolk VPS is one of the more risky things you could do. I
> personally would not do it and would not recommend doing it. I also
> think that any UK host is a poor choice for such a mirror and the
> resources would be better sent elsewhere. If despite all of the
> above you still want to do it, so be it.
>
> Should the risks get worse, for example if the encrypted file that
> WikiLeaks have been distributing as insurance has its key released
> and mirrors start getting overloaded or attacked, we might need to
> change our policy on this to "absolutely do not do this".
>
> Cheers,
> Andy
>
> *** END ***
>
>
> _______________________________________________
> members mailing list
> members at electronclub.org
> http://lists.electronclub.org/cgi-bin/mailman/listinfo/members
>
> Instructions for changing your mailing list settings:
> http://lists.electronclub.org/emailhowto.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.electronclub.org/pipermail/members/attachments/20101208/556728c1/attachment.html>

More information about the members mailing list